Explore Created Incidents in SIEM
I will take on an investigative role, using my primary account to assess the impact caused by Chris's account.
Navigate to Microsoft Sentinel.
Click on "SEC-Monitoring".
On the dashboard, 8 new incidents were detected.
- Click on "Incidents" under Threat Management. It shows that the incidents were created between around 7:20 AM and 7:45 AM.
- I can investigate multiple incidents at once by checking the boxes for the ones I want to investigate.
- Then click on "Actions".
- Change the Owner: "Assign to me".
- Status: "Active".
- Click on "Apply".
- The owner and status have been changed for the selected incidents.
- This is a very important step: it helps to establish accountability and ensures that there is no confusion about who is responsible for resolving each incident.
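To confirm that the bulk assignment took effect, the query below can be run from "Logs" in the same workspace. It is an added example, not part of the original walkthrough, and it assumes the incidents were created within the last 24 hours (adjust the window to match your lab).

```kusto
// Added example: audit owner and status of recently created Sentinel incidents.
// Assumption: a 24-hour lookback covers the incidents created in the lab.
SecurityIncident
| where CreatedTime > ago(1d)
// SecurityIncident logs a new row on every change; keep only the latest state per incident.
| summarize arg_max(TimeGenerated, *) by IncidentNumber
// Owner is a dynamic column; pull out the fields that identify the assignee.
| extend AssignedTo = tostring(Owner.assignedTo),
         OwnerUPN   = tostring(Owner.userPrincipalName)
// Flag anything still untriaged: status left at "New" or no owner set.
| extend NeedsTriage = Status == "New" or isempty(AssignedTo)
| project IncidentNumber, Title, Severity, Status, AssignedTo, OwnerUPN,
          CreatedTime, LastModifiedTime, ModifiedBy, NeedsTriage
| order by NeedsTriage desc, CreatedTime asc
```

Rows with NeedsTriage set to true are incidents that were missed by the bulk action; ModifiedBy shows which account made the last change.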